[MBF] Re: another question about PCRE

2016-10-04 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Can you send me the exact line in your filter for Declude.

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Markus Gufler | Limitis
Sent: Tuesday, October 4, 2016 4:06 AM
To: community@mailsbestfriend.com
Subject: [MBF] another question about PCRE

 

Hi all

 

I try to catch URLs like these  (screenshot)

 



 

I tried to do this with two variants of a regex

https://regex101.com/r/i3TVSc/1

and

https://regex101.com/r/zdJ5r5/1

 

but both seems not being triggered within Declude.

Any idea?

 

Markus

[MBF] Re: Help Wanted

2016-09-12 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Mail's Best Friend is growing. We need additional IT support help. Flexible
hours. Great rates. Work from Home.
http://mailsbestfriend.com/HelpWanted.htm

 

Email us supp...@mailsbestfriend.com   

 

Thanks

David

[MBF] ALERT: Malicious Message

2016-06-10 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Matt Bramble has reported a malicious message which can affect your Declude
processing specifically if you have the AUTOREVIEW  ON  in your
declude.cfg, we would suggest all SmarterMail/Declude setups follow these
instructions:


The problem appears to be in the decoding of a bad subject.   The
problematic subject line is as follows:

 

Subject:=?UTF-8?B?MQ==?==?UTF-8?B?MA==?==?UTF-8?B?MA==?==?UTF-8?B?JSBG?==?UT
F-8?B?cmU=?==?UTF-8?B?ZSBw?==?UTF-8?B?cmk=?==?UTF-8?B?Yw==?==?UTF-8?B?ZSBx?=
=?UTF-8?B?dW90?==?UTF-8?B?ZQ==?==?UTF-8?B?cyBv?==?UTF-8?B?biBob20=?==?UTF-8?
B?ZSB3YXI=?==?UTF-8?B?cmFu?==?UTF-8?B?dHk=?==?UTF-8?B?LVI=?==?UTF-8?B?ZXNw?=
=?UTF-8?B?b25k?==?UTF-8?B?IQ==?=

 

To defend your server against this issue using SmarterMail SMTP Blocking:

 

1.   Log in as sys admin SECURITY --> Advanced Settings --> SMTP
Blocking --> New

2.   Block Type --> EHLO Domain

3.   Blocked Addresse.cub.com

4.   Description Malicious Spammer

 

We will provide further updates as necessary.

 

David Barker

[MBF] Re: Internal BLocked Sender

2016-06-01 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Exactly as I had said in the email. Here it is. User
gl...@gotofusioncreative.com <mailto:gl...@gotofusioncreative.com>
Settings--> My Settings --> Filtering --> Content Filtering

 



 

From: David Barker | Mail's Best Friend | 1-866-919-2075
[mailto:david.bar...@mailsbestfriend.com] 
Sent: Wednesday, June 01, 2016 12:04 AM
To: 'Martin Margheim'
Subject: RE: [MBF] Re: Internal BLocked Sender

 

Email me your admin login to SM let me take a look.

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim
Sent: Tuesday, May 31, 2016 11:01 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Internal BLocked Sender

 

My issue is that I am unable to locate any filter or block that would delete
the email address. All I find are clear of any filter or block

 

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's
Best Friend | 1-866-919-2075
Sent: Tuesday, May 31, 2016 10:10 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Internal BLocked Sender

 

Domain content filtering allows you to create the same types of content
filters as you can on the user level, but the filters added will be applied
to all members of a domain. The evaluation of domain content filters happens
before the evaluation of account-specific content filters. See Content
Filtering
http://help.smartertools.com/SmarterMail/v14/Topics/User/Settings/MySettings
/Filtering/MyContentFiltering.aspx

 

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim
Sent: Tuesday, May 31, 2016 9:01 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Internal BLocked Sender

 

Unable to locate setting to verify and correct

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's
Best Friend | 1-866-919-2075
Sent: Tuesday, May 31, 2016 7:17 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Internal BLocked Sender

 

There is a user created filter called "Internal Blocked Senders" on the user
account or domain that is deleting the message.

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim
Sent: Tuesday, May 31, 2016 5:17 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Internal BLocked Sender

 

Symptoms would have it that Internal Blocked Sender is preventing delivery
of email to a SmarterMail inbox.

 

[2016.05.01] 15:23:00 [05796] Delivery started for c...@tmcexpo.com
<mailto:c...@tmcexpo.com>  at 3:23:00 PM

[2016.05.01] 15:23:03 [05796] Spam check results: [_BAYESIANFILTERING:
passed]

[2016.05.01] 15:23:06 [05796] Starting local delivery to
gl...@gotofusioncreative.com <mailto:gl...@gotofusioncreative.com> 

[2016.05.01] 15:23:06 [05796] Skipping spam filtering: Trusted Sender (user
level)

[2016.05.01] 15:23:06 [05796] Delivery for c...@tmcexpo.com
<mailto:c...@tmcexpo.com>  to gl...@gotofusioncreative.com
<mailto:gl...@gotofusioncreative.com>  has completed (Deleted) Filter:
Internal Blocked Senders

[2016.05.01] 15:23:06 [05796] End delivery to gl...@gotofusioncreative.com
<mailto:gl...@gotofusioncreative.com> 

[2016.05.01] 15:23:06 [05796] Delivery finished for c...@tmcexpo.com
<mailto:c...@tmcexpo.com>  at 3:23:06 PM [id:x112705796]

 

Above is a log file excerpt which provides the opening statement. The
c...@tmcexpo.com <mailto:c...@tmcexpo.com>  email is in the trusted senders
list for gl...@gotofustioncreative.com
<mailto:gl...@gotofustioncreative.com> . There are NO listed addresses in
the SMTP Blocking for the glenn@ . . .  account.

 

My problem is trying to figure out where the blocking is set and getting it
removed.

 

Anyone?

 

Martin Margheim

Independent PC Consultant

ad...@kodot.com <mailto:ad...@kodot.com> 

727-365-3372

[MBF] Re: Call external batch file from Declude

2016-05-11 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Hi Don,

Yes Declude can call an external program to rewrite the file. Depending on
how much email the server receives this may be a lot of overhead re-writing
email files which could introduce additional performance issues.  Maybe it's
time to get off IMail.

How many mailboxes do you host ?

David

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Don Winsauer
Sent: Wednesday, May 11, 2016 2:02 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Call external batch file from Declude

Good suggestion.  I know what you mean.

I had already checked it with a hex editor.  The original file did have the
correct 0x0d 0x0a sequences.

No extraneous CRs or LFs.

Thanks though,
Don

-- Original Message --
From: "'Andy Schmidt'" <andy_schm...@hm-software.com>
Reply-To: <community@mailsbestfriend.com>
Date:  Wed, 11 May 2016 02:52:51 -0400

>Hm - just consider the possibility that the problem is an INVALID "EOL"
>sequence.
>
>SMTP requires a CR/LF combination at the end of a line.
>
>But, some operating systems (like UNIX) just use a "LF", some just a "CR"
>(at some time MACs), and sometimes programmers accidentally code "LF/CR". 
>
>There have been cases, where a software tries to "fix" invalid EOF 
>sequences, by replacing a single "CR" (not followed by a LF) or a 
>single "LF" (not preceded by a "CR"), with a CR/LF - and the fails in 
>the case of a LF/CR sequence becoming a LF/CR/LF or a CR/LF/CR - which 
>another application might interpret as two EOLs.
>
>My point - make sure you inspect the original file using a HEX editor 
>for single CR or single LF characters - THIS might be the ultimate 
>source of the problem and the trigger of all subsequent issues.
>
>-Original Message-
>From: community@mailsbestfriend.com 
>[mailto:community@mailsbestfriend.com]
>On Behalf Of Don Winsauer
>Sent: Wednesday, May 11, 2016 1:22 AM
>To: community@mailsbestfriend.com
>Subject: [MBF] Re: Call external batch file from Declude
>
>Ok, Here ya go...
>
>For this customer of mine, I am scanning all their email for spam and 
>viruses and then forwarding the email to their Exchange server.
>
>It appears when Microsoft's Office 365 Exchange servers find an 
>attachment in the email, they are adding a header:
>
>x-microsoft-exchange-diagnostics:
>1;CO1PR04MB554;5:uIPmx3dm3PK/UJjiWJfcZKKgooCYjfXMN/RlsoZaA9l50T3ppyfEZL
>7hV
>0/b9lb2ameTAtuhrpdbSvHbPrOz6rkwXwybtN0NfVio9xbvrCXGemr4ElqtHO7qnlQgSVNF
>fs7 
>pQvr3Ik3TWCeV433olw==;24:8DgC4bge5fDd2sgE3gKjyQSudpsCI2J68HI5XChAq6H/ev
>gOT
>mn6pKnNx0FQS6aorGkRqORLzQaFVhM43MyWtb0BfiaV29+KboF8dNmBWRE=;7:FH8DkU9P/
>mn6pKnNx0FQS6aorGkRqORLzQaFVhM43MyWtb0BfiaV29+vAA
>2cZf0DCaqz5AJcXiy0ygl+Y8/LrpsGe5MAcP4A/EFx9j+hYJmORCaEjCtA/JWl80qdNRjjv
>2cZf0DCaqz5AJcXiy0ygl+o0h
>L4LnEt++q1KirBBcD5K1ervta5qLh42AsICnwR2hakHCxbOjf6EdMQtgxf/6M0Vj8JMmSuW
>L4LnEt++08/
>X0mL49SuD3kM8YHnljh4K8dAvOo+bCu3
>
>
>It is being added by several of his vendors (different domains).  All 
>from *.outlook.com servers.
>
>The SMTP32.exe process of my IMail (v8.15) sees the data in this header 
>and for some reason is adding a blank line after the header.  This 
>server has been in production since v8.15 was current.  It has 
>processed millions of emails and this is the first time I've had a problem
like this.
>
>I grabbed the raw email in the D*.smd file and all looks good.  In my 
>email client, it looks good.  When that file is processed and forwarded 
>to my customer's Exchange server, it shows headers in the body of the
email.
>It took me quite awhile removing headers until I figured out which one 
>it was.  With the help of a colleague, I had IMail send the email to 
>their email server (non-Exchange).  He grabbed the raw email file from 
>their end and we saw the extra blank line that was throwing everything off.
>SMTP32.EXE is inserting a blank line after this header.  While it is a 
>long header, it is not the longest header in the email.
>
>I find that when I remove this header, all works fine.  So that is what 
>I am trying to do.
>
>I have been working on this issue for two weeks.  It took me until 
>tonight to determine that SMTP32.exe was at fault.  During my research, 
>I even removed Declude from the chain and things still failed.  I am 
>trying to fix the problem with the tools I have at hand.
>
>Don
>
>-- Original Message --
>From: "David Barker | Mail's Best Friend | 1-866-919-2075"
><david.bar...@mailsbestfriend.com>
>Reply-To: <community@mailsbestfriend.com>
>Date:  Tue, 10 May 2016 17:34:23

[MBF] Re: Call external batch file from Declude

2016-05-10 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Lets start at the end and work backwards what is the reason for removing
the header line and secondly which headerline do you want to remove ?

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Don Winsauer
Sent: Tuesday, May 10, 2016 3:56 PM
To: community@mailsbestfriend.com
Subject: [MBF] Call external batch file from Declude

I need to remove a header line from a set of emails.

Can I use Declude to call an external batch file to modify the D*.smd file?
Possibly either as a Junkmail test or possibly a emulating a virus scanner?

Anyone doing anything like this?

Don
 





Sent via the WebMail system at net1media.com


 
   

#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to

To switch to the INDEX mode, E-mail to 
Send administrative queries to  



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to

[MBF] Re: how to deal with emailreg.org?

2016-05-05 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
If you are not having the original issue with Barracuda and they are not 
responding then I would suggest to ditch the service.


David

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of SM Admin
Sent: Thursday, May 5, 2016 12:00 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: how to deal with emailreg.org?

 

No suggestions?

 

From: SM Admin   

Sent: Monday, May 2, 2016 10:44 AM

To: community@mailsbestfriend.com   

Subject: [MBF] how to deal with emailreg.org?

 

Hi all,

 

Some years ago I ran into a problem with Barracuda where they were blacklisting 
us for no reason at all. The solution was to register with emailreg.org and pay 
$20/year.  A lot has been posted on the Net about how emailreg is really part 
of Barracuda and it’s all a scam, but from my perspective, $20 was cheaper than 
the aspirin I’d need to sort out Barracuda’s problems.  This has worked every 
year until now.

 

This year, I needed to give them a new credit card number (same CC provider, 
CapitalOne, just a new number). However, once I entered the new number 
information, it wouldn’t process the renewal charge. I checked with the CC 
company and they said that emailreg is still trying to charge the old number.  
So somehow they’ve cached the old CC information and continue to try to use 
that, instead of the new number.

 

I’ve tried using their online contact form, which is the only contact info 
provided on the emailreg web site, but they never reply. So now I have two 
questions: is it still worth bothering with emailreg and how do I get a hold of 
these people?  Any suggestions?

 

Thanks,

 

Ben

[MBF] Re: Filter flub?

2016-04-21 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Ah it was an HP Support ticket.. (You didn't mention that). the answer is
obviously then a very very very VERY..bad spam message ;)

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Tina Cline
Sent: Thursday, April 21, 2016 3:45 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Filter flub?

 

I sent Linda a copy of my Global.cfg just in case, but I will chalk it up as
wonky.  The email in question was from HP support and they love to put the
case# in the subject which reads as spammy as well as different languages in
the body, so it is bound to fail some filters, but not like this.

I have never seen it before and hopefully not again.at least to "legit"
email.

Thanks for being here!

 

Tina Cline 
270net Technologies 

IT Support Specialist
Phone: 301.663.6000 x200

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's
Best Friend | 1-866-919-2075
Sent: Thursday, April 21, 2016 4:32 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Filter flub?

 

HI Tina,

 

In 12 years I have only seen this once before.  This was a very very very
VERY..bad spam message or under very specific and unknown circumstances this
mathematical anomaly occurs. 

 

Sorry can't be more helpful but it is exactly that. A glitch in the matrix.

 

David

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline
Sent: Thursday, April 21, 2016 3:13 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Filter flub?

 

We had an email get deleted because declude gave the score of: 1,601,332,592
How does that happen??  It looks like it gave the score for FROMNOMATCH
which we have set up as:

FROMNOMATCH FROMNOMATCH X X
2  0

 

How does that happen?  I have not found it doing this before and there have
been no recent changes to the global.cfg.

 

04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]:
CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0]
SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1]
FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1]
FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10]
WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] 

 

 

Tina Cline 
270net Technologies - IT Support Specialist
Phone: 301.663.6000 x200
Fax: 301.663.4410
www.270net.com

"Internet Technology for Business and Government"

[MBF] Re: Filter flub?

2016-04-21 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
HI Tina,

 

In 12 years I have only seen this once before.  This was a very very very
VERY..bad spam message or under very specific and unknown circumstances this
mathematical anomaly occurs. 

 

Sorry can't be more helpful but it is exactly that. A glitch in the matrix.

 

David

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Tina Cline
Sent: Thursday, April 21, 2016 3:13 PM
To: community@mailsbestfriend.com
Subject: [MBF] Filter flub?

 

We had an email get deleted because declude gave the score of: 1,601,332,592
How does that happen??  It looks like it gave the score for FROMNOMATCH
which we have set up as:

FROMNOMATCH FROMNOMATCH X X
2  0

 

How does that happen?  I have not found it doing this before and there have
been no recent changes to the global.cfg.

 

04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]:
CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0]
SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1]
FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1]
FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10]
WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] 

 

 

Tina Cline 
270net Technologies - IT Support Specialist
Phone: 301.663.6000 x200
Fax: 301.663.4410
www.270net.com

"Internet Technology for Business and Government"

[MBF] Re: FROM per-domain

2016-04-04 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Hi Carl,

 

The users address book can be used as a whitelist. In addition if you are
using SmarterMail the Trusted Sender list can be used as a whitelist.

 

To answer your question:

 

1.   Yes this is correct.

 

2.   It must be made clear it is not Declude that does not properly
identify the sender. Declude uses the sender that is in the envelope of the
message, this helps prevents spoofing of the message. The header can contain
any sender this is why it is done. The reason I mention this is the client
must understand by doing it this way they are bypassing a safety mechanism.
You can create a filter as you have described, but you cannot only run a
filter for a per domain or user. All filters run in Declude. However, you
can restrict it so it only triggers for a specific domain (example.com)
using the following line in the filter which will achieve the same result:

 

ALLRECIPS   END   NOTCONTAINS example.com

 

 




David Barker 
P: +1 866.919.2075
E:  
david.bar...@mailsbestfriend.com 



 


 

 

 

 

 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Carl Wagar
Sent: Monday, April 4, 2016 10:18 AM
To: community@mailsbestfriend.com
Subject: [MBF] FROM per-domain

 

I have a customer who I had to give his own per-domain whitelist and I think
it works.

 

1.May I assume if he has his own domain/com/$default$.junmail file that
uses WHITELISTFILE to refer to the location

where he can FTP upload whitelist.txt then this should work?

 

2.As per normal, many senders say they are FROM somewhere but Declude
sender says they are really something else @eigbox or whatever.

You gave me a filter FILTER-WHITELIST-FROM that lets me do the following for
select addresses:

HEADERSWHITELISTPCRE (?im:From:.+@whateverdomain.com)

 

Would I be able to set this up so that the customer can create a file like
this for his senders who Declude does not properly

identify as the sender? in other words, can his $default$.junkmail file load
a filter like this? Or could I make a filter that 

loads from his directory?

 

Thanks.

Carl

 

 

 

 

J. Carl Wagar

EntreNet Communications Inc
www.entrenet.com    www.thehostingservice.com
  

24 Swain Ave, Ottawa, ON, K1G 4T1, Canada

Email: jcwa...@entrenet.com  , skype: jcwagar

Tel: +1 613-737-7327, Fax: +1 613-737-5801

Cel: +1 613-818-8898

[MBF] Re: Verizon.net email now AOL

2016-03-21 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
I'm sure you not the last person to learn about this.

https://help.aol.com/articles/verizon-move-to-aol-mail-faq

Verizon acquired AOL for $4.4B  around the middle of 2015

David



-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Monday, March 21, 2016 12:45 PM
To: community@mailsbestfriend.com
Subject: [MBF] Verizon.net email now AOL

OK, so just in case I am NOT the last one to learn this, Verizon.net email now 
goes through AOL servers. This affects the SPAMDOMAINS test. 

Very sad. I mean, Verizon is bad enough, but moving to America Off Line is 
going backwards.

This only affects Verizon.net customers in CA, FL and TX.

John T
eServices For You


#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to

[MBF] Re: all_list.dat

2016-02-09 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Just dropping the file is fine. No need to restart.

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Dean Lawrence
Sent: Tuesday, February 9, 2016 10:57 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: all_list.dat

 

Dave, does Declude need to be restarted for this to take effect or is just 
dropping in the new file sufficient.

 


  <http://www.idatatech.com/images/email-profile.jpg> 

Dean Lawrence
President
Internet Data Technology
Phone: 888-438-4381 x701
Web: www.idatatech.com <http://www.idatatech.com/> 
Email: d...@idatatech.com <mailto:d...@idatatech.com> 


Programming | Database | Consulting | Training 

 

 

On Feb 2, 2016, at 12:15 AM, David Barker | Mail's Best Friend | 1-866-919-2075 
<david.bar...@mailsbestfriend.com <mailto:david.bar...@mailsbestfriend.com> > 
wrote:

 

 <http://mailsbestfriend.com/downloads/Misc/all_list.dat> Download All_List.dat 
02.01.2016 ready.

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>  
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best 
Friend | 1-866-919-2075
Sent: Wednesday, January 27, 2016 10:49 AM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: all_list.dat

 

It contains the Geolocation of IP’s. I will generate a new one and post it. I 
will look at automating the process so it is updated on a more regular basis.

 

David

 

From:  <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com [ 
<mailto:community@mailsbestfriend.com> mailto:community@mailsbestfriend.com] On 
Behalf Of Gary Steiner
Sent: Wednesday, January 27, 2016 10:11 AM
To:  <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com
Subject: [MBF] all_list.dat

 

How important is the all_list.dat file?  It hasn't been updated in over a year. 
 How is this file generated?

 

Regards,

 

Gary

[MBF] Re: Filter for current year

2016-02-09 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
FILTER SPAM

 

#!!UPDATE EVERY YEAR!! CURRENTLY SET 2016

HEADERS 5  PCRE
(?im:Date:.{5,20}(201[012345789]|19[0-9]{2}|200[0-9]))

 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Scott Fosseen - Prairie Lakes AEA
Sent: Tuesday, February 9, 2016 11:50 AM
To: community@mailsbestfriend.com
Subject: [MBF] Filter for current year

 

If I remember correctly do I need to change one of the filters now that we
are in 2016?  If so where?

[MBF] Re: Declude and DMARC

2016-02-08 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Declude does not have any configuration interactivity/configuration for
DMARC however SmarterMail does support DMARC.

 

David

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Michael Cummins
Sent: Monday, February 8, 2016 1:35 PM
To: community@mailsbestfriend.com
Subject: [MBF] Declude and DMARC

 

Does Declude offer any interactivity/configuration with DMARC?

 

- Michael Cummins

[MBF] Re: Using Declude and SmarterMail effectively

2016-02-08 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
You can still use the per-domain settings in Declude with everything on
WARN. The key is the final results score. This way the message is passed
back to SM where the DKIM, DomainKeys, DMARC etc. have their benefit.
Besides if it is deleted by Declude it was because the message was
considered spam so what benefit would DKIM, DomainKeys, DMARC be to the
message anyway ?

David



-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Michael Cummins
Sent: Monday, February 8, 2016 3:08 PM
To: community@mailsbestfriend.com
Subject: [MBF] Using Declude and SmarterMail effectively

What is the best way to synergize the benefits of both Declude and
SmarterMail?

If I understand correctly, by having all of the subject marking and deleting
taking place inside of Declude, then I can easily have per-domain
configuration.

If I take it out of Declude and set everything to Warn, then I can no longer
configure things per domain, but I am perhaps missing out on some of the
features SmarterMail brings to the table, yes?

I mean, if it was deleted by Declude, then it doesn't benefit from the DKIM,
DomainKeys, DMARC you can play with in SmarterMail.

Am I thinking correctly?

Thanks! 

- Michael Cummins



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to

To switch to the INDEX mode, E-mail to 
Send administrative queries to  



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to

[MBF] Re: all_list.dat

2016-01-27 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
It contains the Geolocation of IP's. I will generate a new one and post it.
I will look at automating the process so it is updated on a more regular
basis.

 

David

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Gary Steiner
Sent: Wednesday, January 27, 2016 10:11 AM
To: community@mailsbestfriend.com
Subject: [MBF] all_list.dat

 

How important is the all_list.dat file?  It hasn't been updated in over a
year.  How is this file generated?

 

Regards,

 

Gary

[MBF] Re: Mail Delivery to Public Services

2016-01-20 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Right, and this is the downside of free email services like Yahoo, Hotmail
etc.

 

>From what you have described the email has gone missing AFTER receipt of the
email by the recipient server. 

 

There are several things you can do to improve deliverability of your server
in general, such as feedback loops, DMARC etc. but as for this individual
mail I can only suggest following Yahoo Mail deliverability FAQs:

 

https://help.yahoo.com/kb/SLN24439.html

 

David

 

 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Martin Margheim
Sent: Wednesday, January 20, 2016 1:10 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Mail Delivery to Public Services

 

Yes, David, answers have been provided 

 

However, it still means non-delivery of email, even if it is the 'other guy'

 

Are there any ways of checking delivery of email from one account to another
that might provide feedback from more than just delivering server logs?

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's
Best Friend | 1-866-919-2075
Sent: Wednesday, January 20, 2016 1:58 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Mail Delivery to Public Services

 

Martin,

 

I believe this question has already been answered in a previous post to this
list:

 

"..it could be the recipient mail server, their anti-spam/av system, the
email client, the email clients anti-spam/av system, or just a PEBKAC"

 

David

 

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim
Sent: Wednesday, January 20, 2016 12:51 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Mail Delivery to Public Services

 

If I understand the public industry, a number public email services are
actually handled by Yahoo. I believe SBCGLOBAL, AT and other AT related
public email services. Perhaps others are being handled by Yahoo as well. At
issue and the prompt of this email is email from my SmarterMail server with
Declude installed and the ARM Sniffer operational, email from a particular
email address on one of the email domains does not have received by Yahoo
and other public accounts. Other email accounts on the same email domain can
send mail to a Yahoo email address and have it received. Thus, I do not
believe the issue is domain related. 

 

The server logs show email from the subject account are delivering mail and
a 250 resp is provided. The log indicated the email was delivered. However,
the mail is never received by the recipients. 

 

Any suggestions or clues as to where and how to look for reasons? There is
no rejection of email, no bounce, no non-deliverables. The email is simply
disappearing. 

 

Thoughts?

 

Martin Margheim

Independent PC Consultant

ad...@kodot.com <mailto:ad...@kodot.com> 

727-365-3372

[MBF] Re: Mail reports delivered but never received

2016-01-15 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
You would need to trace the email on the receiving server. Starting with the
Logs would be your best option. 

 

David

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Martin Margheim
Sent: Friday, January 15, 2016 10:52 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Mail reports delivered but never received

 

What is puzzling is that another WS on the same (different email address)
LAN using the same SM server under the same SM Domain can send and the email
is received. The missing email does not appear in SPAM | Junk folders and
the behavior is manifested to all recipients. 

 

Since mail is going through the server, where can it possibly be going?

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's
Best Friend | 1-866-919-2075
Sent: Friday, January 15, 2016 11:31 AM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Re: Mail reports delivered but never received

 

The SM log tells you that the email was delivered, that is it was accepted
by the receiving email server. What happens to the email from that point on
foward is not information available to SM. 

 

So it could be the recipient mail server, their anti-spam/av system, the
email client, the email clients anti-spam/av system, or just a PEBKAC

 

David

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim
Sent: Friday, January 15, 2016 10:02 AM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Mail reports delivered but never received

 

Any thoughts on a SmarterMail account sending email, SmarterMail's logs
reports email sent but it is not being received.

 

Strangely, another WS on the same LAN and same email server domain can send
and mail is received

 

Email account on server?

 

Email account on Outlook at WS?

 

Why would SM Logs show delivery but recipients never receive?

[MBF] FILTER-SPAM Date Change

2015-12-14 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
If your Declude Filters are automatically updating then this post is not for
you. 

 

If you manually update your Declude Filters please take note of the
following. 

 

Every year we need to update this line in FILTER-SPAM as it detects emails
that have dates either in the past of far future. The current line is this:

 

#!!UPDATE EVERY YEAR!! CURRENTLY SET 2015

HEADERS 5  PCRE
(?im:Date:.{5,20}(201[012346-9]|19[0-9]{2}|200[0-9]))

 

Update the filter to this so you don't have to be waiting at your keyboard
at midnight missing the New Year's party:

 

#!!UPDATE EVERY YEAR!! CURRENTLY SET 2015 & 2016

HEADERS  5  PCRE
(?im:Date:.{5,20}(201[01234-9]|19[0-9]{2}|200[0-9]))

 

Then when you get around to it in the new year update FILTER-SPAM with this:

 

#!!UPDATE EVERY YEAR!! CURRENTLY SET 2016

HEADERS  5  PCRE
(?im:Date:.{5,20}(201[0123457-9]|19[0-9]{2}|200[0-9]))

David Barker
Mail's Best Friend

Email :  
david.bar...@mailsbestfriend.com
Web  :   www.mailsbestfriend.com
Office: +1.866.919.2075

[MBF] Re: Checking for an amount pf points

2015-12-11 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
The filter will not trigger (or be found in the headers) unless it reaches a
minimum of 10 points, it is the FINAL score that is counted. Example if
these 4 rules triggered in the same filter the total would be 6 so the
filter would not trigger.

 

MINWEIGHTTTOFAIL  10

 

Rule1 3  PCRE  (regex)

Rule2 7 PCRE  (regex)

Rule3 -10  PCRE (regex)

Rule4 6 PCRE  (regex)

David Barker
Mail’s Best Friend

Email :  <mailto:david.bar...@mailsbestfriend.com>
david.bar...@mailsbestfriend.com
Web  :  <http://www.mailsbestfriend.com/> www.mailsbestfriend.com
Office: +1.866.919.2075

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Martin Schaible
Sent: Friday, December 11, 2015 5:00 PM
To: community@mailsbestfriend.com
Subject: [MBF] AW: Checking for an amount pf points

 

Hi David,

 

That was very helpful, thank you.

 

For Filter-A: If MINWEIGHTTTOFAIL  10 was not reached, The filter is not
visible in the headers as Filter-A [5]. Meaning, all or nothing?

 

Freundliche Grüsse

 


--
netfusion GmbH | Martin Schaible
Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland
Tel.: +41 44 585 22 54

E-Mail:  <mailto:mar...@netfusion.ch> mar...@netfusion.ch
Internet:  <http://www.netfusion.ch/> www.netfusion.ch |
<http://wiki.netfusion.ch/> wiki.netfusion.ch
Portal:  <http://portal.netfusion.ch/> portal.netfusion.ch

Wird sind auch auf Facebook präsent:
<http://www.facebook.com/NetfusionGmbH> www.facebook.com/NetfusionGmbH

--

 



 

Von: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] Im Auftrag von David Barker | Mail's
Best Friend | 1-866-919-2075
Gesendet: Freitag, 11. Dezember 2015 23:28
An: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Betreff: [MBF] Re: Checking for an amount pf points

 

Martin,

 

Here is an example of FILTER-B will not trigger if FILTER-A triggered.

 

A-

 

FILTER-A (This filter will only trigger if both rule1 and rule2 trigger)

 

MINWEIGHTTTOFAIL  10

 

Rule15PCRE (regex)

Rule25PCRE (regex)

 

B-


FILTER-B  (Will not run if FILTER-A triggered)

 

TESTSFAILED  END   CONTAINSFILTER-A

 

Rule35PCRE (regex)

Rule45PCRE (regex)

 

-

 

 

 

The next example is the reverse FILTER-B will trigger if FILTER-A triggered.

 

A-

 

FILTER-A (This filter will only trigger if both rule1 and rule2 trigger)

 

MINWEIGHTTTOFAIL  10

 

Rule15PCRE (regex)

Rule25PCRE (regex)

 

B-


FILTER-B  (Will run if FILTER-A triggered)

 

TESTSFAILED  END   NOTCONTAINSFILTER-A

 

Rule35PCRE (regex)

Rule45PCRE (regex)

 

-

 

Hope this is helpful. Sometimes thinking this through is not such an easy
task, the logic can sometimes make your brain hurt. Always test to make sure
it does what you expect.

 

David Barker
Mail’s Best Friend

Email :  <mailto:david.bar...@mailsbestfriend.com>
david.bar...@mailsbestfriend.com
Web  :  <http://www.mailsbestfriend.com/> www.mailsbestfriend.com
Office: +1.866.919.2075

 

 

 

From: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] On Behalf Of Martin Schaible
Sent: Friday, December 11, 2015 3:29 PM
To: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Subject: [MBF] Checking for an amount pf points

 

Hi

 

If i go for testfailed end pcre (Myfilter), the trigger will be active
without knowing how the score of myFilter is. It is important that the test
needs e.g. 10 points and not less.

I tried to check „headers“by checking the results of TESTSFAILEDWITHWEIGHTS
with regex. It looks like that at the time the filtering is running,
TESTSFAILEDWITHWEIGHTS is not written yet.

 

The idea behind is, that MyRule2 will be skipped, if MyRule has a score of
Low Spam (10 points) 

 

Any idea, how i can do this?

 

Freundliche Grüsse

 


--
netfusion GmbH | Martin Schaible
Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland
Tel.: +41 44 585 22 54

E-Mail:  <mailto:mar...@netfusion.ch> mar...@netfusion.ch
Internet:  <http://www.netfusion.ch/> www.netfusion.ch |
<http://wiki.netfusion.ch/> wiki.netfusion.ch

[MBF] Re: Checking for an amount pf points

2015-12-11 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
Martin,

 

Here is an example of FILTER-B will not trigger if FILTER-A triggered.

 

A-

 

FILTER-A (This filter will only trigger if both rule1 and rule2 trigger)

 

MINWEIGHTTTOFAIL  10

 

Rule15PCRE (regex)

Rule25PCRE (regex)

 

B-


FILTER-B  (Will not run if FILTER-A triggered)

 

TESTSFAILED  END   CONTAINSFILTER-A

 

Rule35PCRE (regex)

Rule45PCRE (regex)

 

-

 

 

 

The next example is the reverse FILTER-B will trigger if FILTER-A triggered.

 

A-

 

FILTER-A (This filter will only trigger if both rule1 and rule2 trigger)

 

MINWEIGHTTTOFAIL  10

 

Rule15PCRE (regex)

Rule25PCRE (regex)

 

B-


FILTER-B  (Will run if FILTER-A triggered)

 

TESTSFAILED  END   NOTCONTAINSFILTER-A

 

Rule35PCRE (regex)

Rule45PCRE (regex)

 

-

 

Hope this is helpful. Sometimes thinking this through is not such an easy
task, the logic can sometimes make your brain hurt. Always test to make sure
it does what you expect.

 

David Barker
Mail’s Best Friend

Email :  
david.bar...@mailsbestfriend.com
Web  :   www.mailsbestfriend.com
Office: +1.866.919.2075

 

 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Martin Schaible
Sent: Friday, December 11, 2015 3:29 PM
To: community@mailsbestfriend.com
Subject: [MBF] Checking for an amount pf points

 

Hi

 

If i go for testfailed end pcre (Myfilter), the trigger will be active
without knowing how the score of myFilter is. It is important that the test
needs e.g. 10 points and not less.

I tried to check „headers“by checking the results of TESTSFAILEDWITHWEIGHTS
with regex. It looks like that at the time the filtering is running,
TESTSFAILEDWITHWEIGHTS is not written yet.

 

The idea behind is, that MyRule2 will be skipped, if MyRule has a score of
Low Spam (10 points) 

 

Any idea, how i can do this?

 

Freundliche Grüsse

 


--
netfusion GmbH | Martin Schaible
Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland
Tel.: +41 44 585 22 54

E-Mail:   mar...@netfusion.ch
Internet:   www.netfusion.ch |
 wiki.netfusion.ch
Portal:   portal.netfusion.ch

Wird sind auch auf Facebook präsent:
 www.facebook.com/NetfusionGmbH

--

[MBF] Re: PRE-TESTED.txt and .me

2015-11-19 Thread David Barker | Mail's Best Friend | 1-866-919-2075 
The PRE-TESTED filter does take some other rules into account. But you are
correct with regards to .me as it is being used legitimately. I have updated
the filter. 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Scott Fosseen - Prairie Lakes AEA
Sent: Thursday, November 19, 2015 3:56 PM
To: community@mailsbestfriend.com
Subject: [MBF] PRE-TESTED.txt and .me

 

We are seeing messages being blocked from seesaw.me.  It looks like it is
failing 4 tests from the pre-tested.txt filter and giving the message a
total weight of 55 points 

revdns 15

mailfrom 15

helo 15

body 10

 

Should the filter be adding up all the points.  otherwise it looks like
every email from .me will get blocked.